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(54) User controlled browser 

(57) A mechanism provides a user-controlled infor- 
mation disclosure process. A user information database 
(206,208), a BrowserlD Client applet (406). and a 
BrowserlD Website database (408) are configured at a 
user terminal (102). The user information database con- 
tains a plurality of information records about a user's 
identification information and access levels fa the 
respective information records. The BrowserlD Website 
database contains the names of web sites and access 
levels for the respective web sites. In response to a 
request for user information from a web site, the 
BrowserlD Client applet checks the existing access 
level in the BrowserlD Website database for the web 
site (or negotiates a new level), and if appropriate, 
retrieves the access key granted by the web site to gain 
access to a controlled portion of a website. 
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Description 

The present invention relates to a method and 
apparatus for providing user identification and transac- 
tion information to web sites in the process of getting 
access to the web sites. 

H is known a user can retrieve information from 
world wide web sites (or web sites) via the Internet 
More specifically, in retrieving desired information from 
a particular web site, the user sends a service request 
to the web site by using the web browser software at a 
user terminal. Upon receiving the service request 
server software for the web site searches the informa- 
tion repository (organized as web pages) in the web site 
according to the request and sends the desired infor- 
mation to the user terminal. Upon receiving the desired 
information, the web browser software displays the 
desired information in page format to the user. 

To enhance the quality of, expand the market for, 
and provide new services for their web site services, 
many web sites require visitor identification and ask for 
personal identification and demographic information 
before processing received service requests. Further, 
the user may be required to provide a credit card or 
other sensitive financial information The user identifica- 
tion can be useful for a number of purposes: to authen- 
ticate web visitors, to selectively grant access 
privileges, to facilitate the administration and billing of 
marketable services over the Internet, to provide more 
focused responses, to build customer history database 
to facilitate the consequent repeating services, to coiect 
marketing information, etc. 

At the present time, several approaches have been 
developed to gather user identification information. One 
approach, used by Netscape Inc.. is to "quietly" main- 
tain a file within the client accessible to the browser soft- 
ware at user terminals. When a user terminal sends a 
service request to a web site, the browser software first 
provides to the server software the information within 
the ffle (known as "cookies.txt") that applies to the 
server s domain (Internet address). One problem with 
this approach is that users have little control (short of 
deleting the file or its entries), regardless of what types 
of web sites they are visiting. Another problem with this 
approach is that the user identification may be incom- 
plete, because the user identification gathered is limited 
to the hardware and software configuration at the user 
terminal. Current tracking facilities identify a web visitor 
by recognizing a unique identifier associated with the 
web visitor based on exchanges between the browser 
software and the server software. Usually, the identifier 
is the IP (Internet Protocol) address of the user terminal 
the visitor is using. This type of identification is problem- 
atic since many on-line service providers (such as 
American Online and CompuServe) assign an IP 
address per user session and will re-use the IP address 
for other users when it is released. It is also possible 
that corporate proxy servers hide (or mask) individual IP 



addresses tor associated user terminals with their fire- 
walls. 

In another approach, many web sites have imple- 
mented a registration facility. After sending a service 

5 request to a web site, an HTML (Hyper Text Markup 
Language) form is presented to the web visitor, request- 
ing the visitor to fill in the form to provide information 
such as name, e-mail address, phone number, business 
affiliation, etc. Often the registration is accompanied by 

10 the issuance of personal ID and password for use in the 
next visit to the web site, typically giving the visitor 
access to pages of information and services not other- 
wise available. Such a registration process is cumber- 
some and inconvenient for a web site user. The format 

is of the identification information is designed to satisfy 
each individual web site and may be not consistent to 
the user. It is quite possible the information being 
requested is not handy at the moment when the user is 
visiting a web site. If multiple personal IDs and pass 

so words are issued, it is difficult for the user to remember 
the IDs and passwords and match them with appropri- 
ate web sites. 

To strike a balance between the users' privacy and 
the necessity to have user identification information, 

25 Daniel W. Connolly made two proposals in July of 1995 
("Request-ID header field" and "Anonymous Authenti- 
cation"). These two proposals focus on per session 
tracking and thus are not amenable to establishing a 
long term relationship between a web side provider and 

30 customer, or to providing insight to users identification 
for demographic purposes. A third proposal by Daniel 
W. Connolly suggests establishing an "electronic busi- 
ness card" through the use of HTML forms and ID field 
names that would facilitate the filling in of common reg- 

35 istration forms by having standardized field names that 
could automatically be filed by a browser. The browser 
user would have the opportunity not to submit the infor- 
mation or to edit it prior to submitting it. A problem with 
this proposal is the negative impact that it would have 

40 on caching performed by proxy servers since the ID 
information would be transmitted via URLs (Unfform 
Resource Locators) that are the keys to cached web 
pages. 

Therefore, there exists a need to provide a method 
45 and apparatus that can provide user identification infor- 
mation to web sites under users' control. 

There exists another need to provide a method and 
apparatus that can provide user identification informa- 
tion to web sites with control, consistency, efficiency, 
so and convenience to the users. 

The object of the present invention is to meet these 
needs. 

According to the invention a method for providing 
information to a web site at a user terminal, character- 
's ized by the steps of: 

at the user terminal. 
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(a) establishing a plurality of information 
records with respective access level indicators 
for indicating access levels; 

(b) receiving a request from the web site with 
an access level being associated with the web 
site; 

(c) checking the access level for the web site; 
and 

(d) retrieving information records based on said 
access level indicators associated with the 
information records and the access level asso- 
ciated with the web site. 

Also according to the invention an apparatus for 
providing information to a web site at a user terminal, 
characterized by the user terminal comprising 

a receiver circuit for receiving a request from the 
web site with an access level being associated with 
the web site; and 

a processor logic for checking the access level for 
the web site; and for retrieving information based on 
the access level associated with the web site. 

The invention will be described by way of example 
with reference to the appended drawings, in which: 

Figure 1 shows an exemplary data network config- 
uration; 

Figure 2 shows a hardware block diagram of a rep- 
resentative one of the user terminals of Figure 1 ; 
Figure 3 shows a hardware block diagram for a 
computer system, which is able to support any one 
of the web sites of Figure 1 ; 
Figure 4 shows a software block diagram for a rep- 
resentative one of the user terminals, and for a rep- 
resentative one of the web sites, shown in Figure 1 ; 
Figure 5 shows BrowserlD database of Figure 4 in 
greater detail; 

Figure 6 shows BrowserlD website database of Fig- 
ure 4 in greater detail; and 
Figure 7 shows a flowchart illustrating the steps of 
disclosing user information to a web site. 

Referring to Figure 1 , there is shown an exemplary 
data network configuration 100, which includes a plural- 
ity of user terminals (102. 1p 102. 2 102. M ). a plurality 

of web sites (112.,, 112. 2 . .... 112. N ). and a data net- 
work 106. Each of the user terminals can get access to 
the web sites via data network 106. 

As shown in Figure 2, a user terminal 200 com- 
prises a processing unit 202. a memory device 204, a 
disk drive interface 208. a display interface 212, a serial 
interface 224, and a network communication interface 
234. all connected to a system bus 214. 

A hard disk 206 is coupled to the disk drive inter- 
face 208; a display monitor 21 0 is coupled to the display 
interface 212; and a mouse 225 and a keyboard 226 are 



coupled to the serial interface 224. 

Memory device 204 and the hard disk 206 are both 
able to store programs. However, memory device 204 
has faster access speed than hard disk 206. while hard 
5 <fisk 206 has higher capacity than memory device 204. 

Network communication interface 234 is able to 
provide an interface between the user terminal and data 
network 106. More specifically, all software function 
blocks as shown in figures 2 and 3 get access to data 
w network 106 via network communication interface 234 
in compliance with predetermined network protocols. 

The processing unit 202 is able to control opera- 
tions of a user terminal by executing programs stored in 
memory device 204 or hard disk 206. Processing unit 
is 202 is also able to control the transmissions of pro- 
grams and data between memory device 204 and hard 
disk 206. 

Referring to Figure 3, there is shown a hardware 
block diagram for a computer system 300. which is able 

20 to support any of the web sites (11 2.-,. 112. 2 ....» 112. N ). 
and comprises a processing unit 302. a memory device 
304, a disk drive interface 308.and a network communi- 
cation interface 334, all connected to a system bus 314. 
The disk drive interface 308 is coupled to a hard disc 

25 306. 

Memory device 304 the hard disk 306 are both able 
to store programs. However, memory device 304 has 
fester access speed than hard disk 306. while hard disk 
306 has higher capacity than memory device 304. 

30 Network communication interface 334 is able to 
provide an interface between computer 300 and data 
network 106 in compliance with pre-determined net- 
work protocols. 

Processing unit 302 is able to control operations of 

35 computer system 300 by executing programs stored in 
memory device 304 or hard disk 306, and is also able to 
control the transmissions of programs and data 
between memory device 304 and hard disk 306. 

In Figure 4. a user terminal includes five software 

40 function blocks 404 to 414. 

Browser software 404 is able to formulate and send 
requests to web sites, and to display the information 
retrieved from the web sites. Browser software is also 
able to receive user ID information requests from web 

45 sites. 

BrowserlD database 408 contains user information. 

BrowserlD client applet 406 is able to retrieve the 
user information from BrowserlD database 408 and 
passes it to browser software 404. However, BrowserlD 
so dient applet 406 will not pass any user information from 
BrowserlD database 408 without the explicit permis- 
sions the user set in the BrowserlD database 408 and 
comparing them to the defined set of permissions in the 
BrowserlD website database 410 for that web site 414. 
55 If. in response to a request for user ID information from 
a web site, no permission is granted to the web site, the 
browser software 404 will alert the user to define a per- 
mission that will be entered into the BrowserlD website 
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database 410. Browser ID client applet 406 is designed 
(programmed in Java for example) such that it can be 
executed (or interpreted) by any browser. 

Browser ID website database 410 contains the 
names of web sites and the degree of identification 5 
information to be shared. 

Graphical User Interface 412 is able to provide an 
interface between a user and software function blocks, 
including BrowserlD client applet 406 and BrowserlD 
database 408. Through display monitor 210, keyboard 
225 and mouse 226, a user is able to initialize and 
update the BrowserlD database 408_and the 
BrowserlD website database 410. and to send control 
signals to BrowserlD client applet 406. 

Server software 41 4 is able to process the requests 
for information from browsers and return the information 
to the browsers via HTTP, FTP. Gopher or other Internet 
information transfer protocols. 

When a user wants to visit web site 1 1 2, he/she can 
use keyboard 225 or mouse 226 to activate browser 
software 404 to send a service request to the web site, 
as indicated by line 426. Upon receiving the service 
request, server software 414 for the web site sends a 
request for user ID information, as indicated by line 424 
which wilt invoke the execution on the user terminal of 
Browser ID Client Applet 406. 

Figure 5 shows BrowserlD information database 
408 which contains rows of ID records, each with two 
fields, namely: a single ID Information Item followed by 
an information sharing Level Limit field. In the first 
record, the ID Information Item field contains a user's 
full name; the Level Limit field contains a numerical 
value, indicating that the name will be revealed to a web 
server of a web site if and only if the user chooses to 
provide that level of information access for that web 
server. If so, that sharing level will be indicated within 
the BrowserlD website database 410 by the Level limit 
Field. By way of another example, in the seventh record, 
the ID Information Item field contains social security 
number; the Level Indicator Field contains 7. indicating 
that the social security number will only be transmitted 
to the web server of a web site if and only if the user 
specifies a web server's access level within the 
BrowserlD website database 410 of value 7 or higher. 

In the embodiment shown in Figure 5, it is assumed 
that the greater the numerical value in the Level Limit 
field, the higher is the access level, rt can be designed 
the other way around, that is: the smaller of the numeri- 
cal value in the Level Limit field, the higher is the access 
level. This means that a record will be revealed to a web 
server of a web site if and only if the web server's 
access level from the BrowserlD website database 410 
is smaller than or equal to the Level Limit Field associ- 
ated to that record. 

As shown in Figure 6, BrowserlD website database 
410 is comprised of records with 2 fields. The first field 
is the public URL for the site. The second field contains 
the access level assigned to it by the user when infor- 



mation sharing level access was negotiated among the 
BrowserlD Client Applet and the web site server. This 
information is stored in the BrowserlD website database 
410 and is indexed by the BrowserlD database 408 
under control of the BrowserlD applet 406. 

Figure 7 illustrates the steps of disclosing user 
information to a web site. 

In step 704, a user sends a service request to one 

of the websites (112.,. 112. 2 112. N ), that requires 

access from one of the user terminals (102.-J. 102. 2 . .... 
1 02. M ) . to request an access to the web site. 

In step 706, server software 414 for the web site 
returns the web site name that will provide the service 
requested by the user and a request for information to 
BrowserlD Client applet 406. In its request, the server 
software (414) may specify the information items it 
needs, such as name, address, phone number, etc. 

In step 707, BrowserlD Client applet 406 deter- 
mines whether an entry exists for the returned web site 
name in the BrowserlD Website database 410. If an 
entry exists for the returned web she name, the opera- 
tion is led to step 710. If no entry exists for the returned 
web site name, the operation is led to step 708. 

In step 708. to negotiate a Level Limit to share infor- 
mation with the web site, BrowserlD Client applet 40S 
presents an HTML form, including the information items 
specified by sever software 414, to the user. 

Following step 708. in step 709. BrowserlD Client 
Applet 406 creates an entry in BrowserlD database 408 
for the returned web site name, and the user selects a 
Level Limit, in reference to the HTML form. The user 
may choose to the Level Limit that complies with the 
information items specified by the web site, or choose to 
grant a lower Level Limit. The operation is then led to 
step 710. 

In step 710. BrowserlD Client applet 406 deter- 
mines whether any of the information items specified by 
the web site exceed the Level Limit previously granted 
to the web site, by using the information stored in 
BrowserlD database 408 and BrowserlD website data- 
base 410. 

In step 710. if the Level Limit previously granted is 
not exceeded, the operation is led to step 712. If the 
Level Limit is exceeded, the operation is led to step 71 1 , 
in which BrowserlD Client applet 406 presents an HTML 
form to the user, asking the user to permit the increase 
in the Level Limit to the web site and asking if the user 
wants this to be a permanent update. After the user 
responds (either increases the Level Limit or keeps the 
Level Limit previously granted unchanged), the opera- 
tion is then led to step 712. 

In step 712, BrowserlD Client applet 406 responds 
to the server software with the information fields from 
BrowserlD database 408. according to the Level Unit 
granted to the web site. 

In step 722. server software 414 processes the 
requests from browser software 404. to proceed with 
web site activity. 
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Preferably, in the embodiment shown in figures 2 
and 4, the software function blocks for a user terminal 
are stored in memory device 204 or hard disk 206 and 
executed by processing unit 202. In the embodiment 
shown in figure 3, server software is stored in memory 5 
304 and executed by processing unit 302. 

W should be appreciated that the present invention 
provides a mechanism for users to control their own 4. 
identification information. As such, the present invention 
requires that the BrowserlD Client Applet which collects 10 
and delivers user information for web sites must be per- 
manently associated with the client's browser; an applet 
that is downloaded from a website server cannot be 
trusted to cooperate with the user s desire to control 
access to personal information. is 

The present invention has the advantages in that: 

(a) a user can control ID information disclosure at 
different level; (b) it is convenient for a user to pro- 
vide the ID information; (c) it creates a mechanism so 5. 
to provide a standardized mechanism and format to 
provide ID information; and (d) web servers get 
complete and accurate ID information (if disclosed). 

Claims 25 

1 . A method for providing information to a web site at 
a user terminal, characterized by the steps of: 



at the user terminal, 30 

(a) establishing a plurality of information 
records with respective access level indi- 
cators for indicating access levels; 

(b) receiving a request (706) from the web 
site with an access level being associated 
with the web site; 

(c) checking (707,710) the access level for 
the web site; and 

(d) retrieving (712) information records 
based on said access level indicators 
associated with the information records 
and the access level associated with the 
web site. 

A method according to claim 1 , in which in step (a) 
the access level associated with the web site is 
defined by the user terminal. 

A method according to daim 1 or claim 2 further 
comprising establishing a plurality of first type of 
records containing access levels associated with 
the web sites and establishing a plurality of second 
type of records, each one of said second type of 
records containing user information and access 
level associated with said one record; 



6. 



sites checking access level fa the web site 
from said first type of records, and retrieving 
information from said second type of records 
based on the access level associated with the 
web site and the access levels associated with 
said second type of records. 

An apparatus for providing information to a web site 
at a user terminal, characterized by the user termi- 
nal comprising 

a receiver circuit for receiving a request from 
the web site with an access level being associ- 
ated with the web site; and 
a processor logic for checking the access level 
for the web site; and for retrieving information 
based on the access level associated with the 
website. 

An apparatus according to claim 4 further compris- 
ing: 

a storage medium for storing a plurality of infor- 
mation records with respective access level 
indicators for indicating access levels, and 
arranged so that the processor logic retrieves 
information records based on said access level 
indicators associated with the information 
records and the access level associated with 
the web site. 

A apparatus according to claim 5 in which said 
access level indicators are definable at the user ter- 
minal. 
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